A wide variety of computing processes require a source of randomness. Random number generators or pseudo-random number generators are used in applications such as gaming, image processing, scientific simulation, financial modeling, program testing, and computer security. Many security systems, such as those used in cryptography, digital signatures, and secure communications protocols, are built on strong cryptographic algorithms that depend on generating secret, essentially unguessable quantities for use in cryptographic keys, passwords, blinding of values in certain protocols, and the like.
Random sources can be classified as either pseudo-random or true random. Pseudo-random sources are deterministic systems designed to imitate true random sources. A basic criterion for a random source is that an attacker having full knowledge of the hardware and software being used cannot predict the bits a user will use next even if the attacker knows all of the bits used previously.
Many traditional sources of random data use pseudo-random number generators (“PRNGs”) which are triggered with an initializing seed value and use deterministic logical or numerical operations to produce a sequence of values. Being deterministic and finite, PRNGs are inherently periodic. Application developers who require random-seeming data must take pains to provide an unguessable seed value and an algorithm with a sufficiently long period. A PRNG may be used to generate a cryptographic key. As an example, if an 8-bit seed value is used to trigger a PRNG to generate a 128-bit cryptographic key, an attacker need not try all 2^128 (≈3.4×10^38) cryptographic keys, but instead need only search through the keys generated from the 2^8 (=256) possible seed values. As this example indicates, no matter how strong or complex the manipulation of data inside a deterministic PRNG, its use for generating cryptographic keys may be no more secure cryptographically than the (possibly quite limited) selection of the seed value.
Various devices and processes that may be associated with a computing device can be a source of true random data. Some examples are: a radioactive source emitting particles to an absorbing counter having a computer readable output; quantum effects in a semiconductor such as a noisy diode; electronic noise from an unplugged microphone; air turbulence within a sealed, dedicated disk drive; and some system events such as mouse strokes or timing between keystrokes.
Information entropy for a random bit stream may be defined as
$H = -\sum_{x} P(x)\,\log_2 P(x)$ (bits), where x is a possible string in the stream of bits and P(x) is the probability of the occurrence of x in the bit stream. The entropy rate, J, for strings of length |x| may be defined as $J = H/|x|$ (entropy bits/bit of source).
The absolute entropy, E, of a bit stream may be defined as the minimum value obtained by J, where the minimum is taken over all possible string lengths |x|. Thus E represents a guaranteed minimum entropy per bit of source data regardless of the string length used to evaluate it.
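As an added example (not part of the original text), the following Python estimates J and E from empirical string frequencies for two constructed streams: a periodic pattern, and the output of a deterministic hash-of-counter generator standing in for the kind of PRNG discussed above. All function names and both streams are assumptions made here, not anything from the original.

```python
# Added example (not from the original text): estimate the entropy rate J and
# the absolute entropy E of a bit stream from empirical string frequencies,
# following the definitions above.  Both input streams are constructed here.
import hashlib
from collections import Counter
from math import log2


def string_probabilities(bits: str, length: int) -> dict:
    """Empirical P(x) over consecutive, non-overlapping strings x with |x| = length."""
    chunks = [bits[i:i + length] for i in range(0, len(bits) - length + 1, length)]
    counts = Counter(chunks)
    return {x: c / len(chunks) for x, c in counts.items()}

def entropy_bits(bits: str, length: int) -> float:
    """H = -sum_x P(x) log2 P(x), in bits, for strings of length |x|."""
    return -sum(p * log2(p) for p in string_probabilities(bits, length).values())

def entropy_rate(bits: str, length: int) -> float:
    """J = H / |x|, entropy bits per bit of source."""
    return entropy_bits(bits, length) / length

def absolute_entropy(bits: str, max_length: int) -> float:
    """E = min over |x| = 1..max_length of J.  A finite sample can only be
    evaluated at finite lengths, and long strings are under-sampled (biasing
    J downward), so keep max_length small relative to log2(len(bits))."""
    return min(entropy_rate(bits, n) for n in range(1, max_length + 1))

def bits_from_counter_hash(n_bytes: int) -> str:
    """Constructed stand-in for a source: SHA-256 of a counter.  It is
    deterministic, so like any PRNG output its true private entropy is only
    that of its seed (here: none), whatever the empirical estimate says."""
    out = bytearray()
    counter = 0
    while len(out) < n_bytes:
        out += hashlib.sha256(counter.to_bytes(4, "big")).digest()
        counter += 1
    return "".join(format(b, "08b") for b in out[:n_bytes])

PERIODIC = "01" * 512                 # balanced at |x| = 1, fully predictable at |x| = 2
HASHED = bits_from_counter_hash(512)  # 4096 bits that pass short-string tests

if __name__ == "__main__":
    for name, stream in (("periodic", PERIODIC), ("hashed counter", HASHED)):
        rates = [round(entropy_rate(stream, n), 3) for n in range(1, 5)]
        print(f"{name:15s} J for |x|=1..4: {rates}  E~{absolute_entropy(stream, 4):.3f}")
```

The periodic stream scores a full bit per bit at |x| = 1 yet has E = 0, while the hashed counter looks near-perfect at every tested length even though, being deterministic, it carries no more private entropy than its seed.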
In practice, one is concerned with private entropy, by which we mean bits of information not known by an attacker. One can compute private entropy as the conditional entropy, after some information about the data from the source has become known by an attacker (at least potentially). For example, if an attacker is able to capture some bits of data from an entropy source, those captured bits contain no private entropy. As another example, the daily closing value of the Dow Jones Industrial Average probably has some entropy (because at least some of its digits are unknowable in advance), but has no private entropy because the information is readily knowable to an attacker.